fix up the jargon a bit

[wiki.git] / doc / kerberized-server.mdwn

diff --git a/doc/kerberized-server.mdwn b/doc/kerberized-server.mdwn
index bb36f93446d14633f08df7a96fd0b0119546a8ba..953075953a64d85c459f6e9734cb74abbd1a3a3f 100644 (file)
--- a/doc/kerberized-server.mdwn
+++ b/doc/kerberized-server.mdwn
@@ -44,11 +44,11 @@ To change the supported enctypes, run `kadmin`:
 
     kadmin -p daemon/kronborg.mit.edu  -k -t daemon.kronborg.keytab
 
 
     kadmin -p daemon/kronborg.mit.edu  -k -t daemon.kronborg.keytab
 

-Then, create new keys:
+From within `kadmin`, to create new keys:

 
     ktadd -k daemon.kronborg.keytab -e aes256-cts:normal -e aes128-cts:normal daemon/kronborg.mit.edu
 
 
     ktadd -k daemon.kronborg.keytab -e aes256-cts:normal -e aes128-cts:normal daemon/kronborg.mit.edu
 

-After all tickets currently issued against your service expire (which will happen after at most one day), you should remove the old keys from your keytab:
+After all tickets currently issued against your service expire (which will happen after at most one day), you should remove the old keys from your keytab. If there are no outstanding tickets, you can do this from within `kadmin`:

 
     ktremove -k daemon.kronborg.keytab daemon/kronborg.mit.edu old
 
 
     ktremove -k daemon.kronborg.keytab daemon/kronborg.mit.edu old